Security researchers and penetration testers have used the open source Metasploit Framework to probe for vulnerabilities, run exploits, and simulate real-world attacks against software and networks.
Rapid7 has added a hardware bridge to its Metasploit penetration testing framework, making it easier for users to analyze Internet of Things (IoT) devices.
IoT is growing vastly, with more than 20 billion Internet of Things (IoT) devices expected by 2020. IoT devices not only create new opportunities for attackers to invade networks to steal information, they can also be hacked to gain access to physical spaces and assets, or even cause harm to users.
As users become more dependent on the functionality of connected devices, the risk represented by loss of use or corrupted use becomes even greater.
Rapid7 announced the availability of a new Hardware Bridge API for Metasploit that extends the tool’s capabilities into the hardware realm.
Rapid7 researchers said, "The Hardware Bridge API extends Metasploit's capabilities into the physical world of hardware devices. Much in the same way that the Metasploit framework helped unify tools and exploits for networks and software, the Hardware Bridge looks to do the same for all types of hardware."
There are two ways to connect a physical device to Metasploit:
A relay service is required if your device does not have a way to naturally communicate on Ethernet. Many useful hardware tools such as Software Defined Radio (SDR) devices are controlled solely through a USB port.
The first release of Metasploit hardware vulnerability testing comes with support for SocketCAN. On a Linux system with a CAN bus sniffer that supports SocketCAN, you can get started without anything else.
The CAN bus can then interact directly with the local_hwbridge auxiliary module in Metasploit, which can be used locally or on a remote machine.
Once your hardware device is connected to the system where Metasploit is installed, it will automatically detect any SocketCAN interfaces. This simulation was tested on a vehicle-based CAN bus.
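The following Python example, added here and not taken from Rapid7 or Metasploit, decodes the 16-byte classic `struct can_frame` that a SocketCAN raw socket hands to a sniffer, which is the traffic such an interface exposes to any tool on the host. The sample frames are constructed and the function names are illustrative.

```python
import struct

# Linux classic `struct can_frame` (linux/can.h), 16 bytes in host byte order:
# can_id (u32), can_dlc (u8), 3 padding bytes, data[8].
CAN_FRAME = struct.Struct("=IB3x8s")
CAN_EFF_FLAG = 0x80000000  # extended 29-bit identifier
CAN_RTR_FLAG = 0x40000000  # remote transmission request
CAN_ERR_FLAG = 0x20000000  # error message frame
CAN_SFF_MASK = 0x000007FF  # 11-bit standard identifier
CAN_EFF_MASK = 0x1FFFFFFF  # 29-bit identifier (also the error-class mask)


def decode_can_frame(raw: bytes) -> dict:
    """Decode one classic CAN frame as read from a SocketCAN raw socket."""
    if len(raw) != CAN_FRAME.size:
        raise ValueError(f"expected {CAN_FRAME.size} bytes, got {len(raw)}")
    can_id, dlc, data = CAN_FRAME.unpack(raw)
    if dlc > 8:
        raise ValueError(f"invalid DLC {dlc} for a classic CAN frame")
    extended = bool(can_id & CAN_EFF_FLAG)
    remote = bool(can_id & CAN_RTR_FLAG)
    error = bool(can_id & CAN_ERR_FLAG)
    # Error frames carry their error class in the full 29 low bits.
    mask = CAN_EFF_MASK if (extended or error) else CAN_SFF_MASK
    return {
        "id": can_id & mask,
        "extended": extended,
        "remote": remote,
        "error": error,
        "dlc": dlc,
        "data": b"" if remote else data[:dlc],  # RTR frames carry no payload
    }


def format_frame(frame: dict) -> str:
    """Render a frame in the compact ID#DATA form used by can-utils."""
    ident = f"{frame['id']:08X}" if frame["extended"] else f"{frame['id']:03X}"
    body = "R" if frame["remote"] else frame["data"].hex().upper()
    return f"{ident}#{body}"


# Constructed sample frames (not captured from a real vehicle).
SAMPLES = [
    CAN_FRAME.pack(0x7DF, 8, bytes.fromhex("02010C0000000000")),
    CAN_FRAME.pack(0x18DAF110 | CAN_EFF_FLAG, 3, bytes.fromhex("0241050000000000")),
    CAN_FRAME.pack(0x123 | CAN_RTR_FLAG, 0, bytes(8)),
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(format_frame(decode_can_frame(raw)))
```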
Next you need to connect to a relay or a supported piece of hardware to establish a HWBridge session.
A HWBridge session is established once it connects to the relay, and you can open the session with the CAN buses using Meterpreter.
In order to connect an SDR device like this to Metasploit, the machine that the SDR is connected to would run a relay service. This uses a REST API, the details of which can be found here: Metasploit Hardware Bridge API.
The initial release of the hardware bridge will focus on automotive capabilities, with extensions into other hardware verticals expected throughout the year, and joins a growing library of modules that target embedded, industrial, and hardware devices.
According to Rapid7, initial sample modules include capabilities on Controller Area Network (CAN bus), with plans for other bus systems, such as K-Line, to follow. Metasploit also currently includes a number of industrial control exploits for SCADA systems and auxiliary modules.
In addition to helping streamline vulnerability testing, the new capability will enable users to: